Analysis

  • max time kernel
    118s
  • max time network
    121s
  • platform
    windows7_x64
  • resource
    win7-20231129-en
  • resource tags

    arch:x64, arch:x86, image:win7-20231129-en, locale:en-us, os:windows7-x64, system
  • submitted
    26/01/2024, 06:57 UTC

General

  • Target

    76afbd3b6c467410713f5172cd405f65.exe

  • Size

    449KB

  • MD5

    76afbd3b6c467410713f5172cd405f65

  • SHA1

    4ccf93ddd143bdb85c7b5a6513772648e67afea7

  • SHA256

    12b1a8c5708ed289118285f984a969e24274a7264fa003af7054b39570b6ab17

  • SHA512

    44331776f4ac1bd20b9879447efad40c269963302403414606d415bee54e8e75e7dc787af9d6e74bc95b8bdc191ca5bb16114625c37d0bf6d08e43bb7718ae95

  • SSDEEP

    6144:ci/BIo69tiCWYaC8PIoLFIn453f8CYUeWPFHF/1Bz7QGQxf3Rr9OUNGtxHEr:h/e95kRLE45P8MFlQGQzzIM

Score
1/10

Malware Config

Signatures

  • Modifies registry class (2 IoCs)
  • Modifies system certificate store (2 TTPs, 4 IoCs)

Processes

  • C:\Users\Admin\AppData\Local\Temp\76afbd3b6c467410713f5172cd405f65.exe
    "C:\Users\Admin\AppData\Local\Temp\76afbd3b6c467410713f5172cd405f65.exe"
    1⤵
    • Modifies registry class
    • Modifies system certificate store
    PID:2024

Network

  • US
    DNS
    www.microsoft.com
    76afbd3b6c467410713f5172cd405f65.exe
    Remote address:
    8.8.8.8:53
    Request
    www.microsoft.com
    IN A
    Response
    www.microsoft.com
    IN CNAME
    www.microsoft.com-c-3.edgekey.net
    www.microsoft.com-c-3.edgekey.net
    IN CNAME
    www.microsoft.com-c-3.edgekey.net.globalredir.akadns.net
    www.microsoft.com-c-3.edgekey.net.globalredir.akadns.net
    IN CNAME
    e13678.dscb.akamaiedge.net
    e13678.dscb.akamaiedge.net
    IN A
    92.123.241.137
  • US
    DNS
    sf.symcd.com
    76afbd3b6c467410713f5172cd405f65.exe
    Remote address:
    8.8.8.8:53
    Request
    sf.symcd.com
    IN A
    Response
    sf.symcd.com
    IN CNAME
    mpki-ocsp.digicert.com
    mpki-ocsp.digicert.com
    IN CNAME
    fp3011.wpc.2be4.phicdn.net
    fp3011.wpc.2be4.phicdn.net
    IN CNAME
    fp3011.wpc.phicdn.net
    fp3011.wpc.phicdn.net
    IN A
    152.199.19.74
  • US
    GET
    http://sf.symcd.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTSqZMG5M8TA9rdzkbCnNwuMAd5VgQUz5mp6nsm9EvJjo%2FX8AUm7%2BPSp50CEFhIORPg28qrZMyHR38xpm4%3D
    76afbd3b6c467410713f5172cd405f65.exe
    Remote address:
    152.199.19.74:80
    Request
    GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBTSqZMG5M8TA9rdzkbCnNwuMAd5VgQUz5mp6nsm9EvJjo%2FX8AUm7%2BPSp50CEFhIORPg28qrZMyHR38xpm4%3D HTTP/1.1
    Connection: Keep-Alive
    Accept: */*
    User-Agent: Microsoft-CryptoAPI/6.1
    Host: sf.symcd.com
    Response
    HTTP/1.1 200 OK
    Cache-Control: public, max-age=86400
    Content-Type: application/ocsp-response
    Date: Fri, 26 Jan 2024 06:57:19 GMT
    Server: nginx
    X-Content-Type-Options: nosniff
    X-Frame-Options: SAMEORIGIN
    X-XSS-Protection: 1; mode=block
    Content-Length: 1551
  • US
    DNS
    api.secretsauce.biz
    76afbd3b6c467410713f5172cd405f65.exe
    Remote address:
    8.8.8.8:53
    Request
    api.secretsauce.biz
    IN A
    Response
    api.secretsauce.biz
    IN CNAME
    secretsauce.biz
    secretsauce.biz
    IN A
    8.37.113.214
  • US
    POST
    http://api.secretsauce.biz/rs
    76afbd3b6c467410713f5172cd405f65.exe
    Remote address:
    8.37.113.214:80
    Request
    POST /rs HTTP/1.1
    Content-Type: application/x-www-form-urlencoded
    Host: api.secretsauce.biz
    Content-Length: 282
    Expect: 100-continue
    Connection: Keep-Alive
    Response
    HTTP/1.1 200 OK
    Cache-Control: no-cache, no-store
    Pragma: no-cache
    Content-Type: text/plain
    Expires: -1
    Server: Microsoft-IIS/10.0
    Access-Control-Allow-Origin: *
    X-AspNet-Version: 4.0.30319
    X-Powered-By: ASP.NET
    p3p: CP="CAO PSA OUR"
    Date: Fri, 26 Jan 2024 06:57:23 GMT
    Content-Length: 0
  • 152.199.19.74:80
    http://sf.symcd.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTSqZMG5M8TA9rdzkbCnNwuMAd5VgQUz5mp6nsm9EvJjo%2FX8AUm7%2BPSp50CEFhIORPg28qrZMyHR38xpm4%3D
    http
    76afbd3b6c467410713f5172cd405f65.exe
    460 B
    2.0kB
    5
    4

    HTTP Request

    GET http://sf.symcd.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTSqZMG5M8TA9rdzkbCnNwuMAd5VgQUz5mp6nsm9EvJjo%2FX8AUm7%2BPSp50CEFhIORPg28qrZMyHR38xpm4%3D

    HTTP Response

    200
  • 8.37.113.214:80
    http://api.secretsauce.biz/rs
    http
    76afbd3b6c467410713f5172cd405f65.exe
    670 B
    499 B
    5
    4

    HTTP Request

    POST http://api.secretsauce.biz/rs

    HTTP Response

    200
  • 8.8.8.8:53
    www.microsoft.com
    dns
    76afbd3b6c467410713f5172cd405f65.exe
    63 B
    230 B
    1
    1

    DNS Request

    www.microsoft.com

    DNS Response

    92.123.241.137

  • 8.8.8.8:53
    sf.symcd.com
    dns
    76afbd3b6c467410713f5172cd405f65.exe
    58 B
    172 B
    1
    1

    DNS Request

    sf.symcd.com

    DNS Response

    152.199.19.74

  • 8.8.8.8:53
    api.secretsauce.biz
    dns
    76afbd3b6c467410713f5172cd405f65.exe
    65 B
    95 B
    1
    1

    DNS Request

    api.secretsauce.biz

    DNS Response

    8.37.113.214

MITRE ATT&CK Enterprise v15


Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

    Filesize

    65KB

    MD5

    ac05d27423a85adc1622c714f2cb6184

    SHA1

    b0fe2b1abddb97837ea0195be70ab2ff14d43198

    SHA256

    c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

    SHA512

    6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

  • C:\Users\Admin\AppData\Local\Temp\Tar1E7E.tmp

    Filesize

    171KB

    MD5

    9c0c641c06238516f27941aa1166d427

    SHA1

    64cd549fb8cf014fcd9312aa7a5b023847b6c977

    SHA256

    4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f

    SHA512

    936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06

  • memory/2024-0-0x0000000074050000-0x00000000745FB000-memory.dmp

    Filesize

    5.7MB

  • memory/2024-1-0x0000000074050000-0x00000000745FB000-memory.dmp

    Filesize

    5.7MB

  • memory/2024-2-0x0000000000140000-0x0000000000180000-memory.dmp

    Filesize

    256KB

  • memory/2024-63-0x0000000074050000-0x00000000745FB000-memory.dmp

    Filesize

    5.7MB
